Posts by BuchmannDesign

Data Validation issues have been found in your theme. All dynamic data must be correctly escaped for the context where it is rendered.
- All dynamic data must be escaped with esc_attr() before rendered in an html attribute.
- Whenever you are rendering a url to the screen its value must be passed through esc_url() first.
- If dynamic data is rendered inside an attribute that triggers a JavaScript event, it must be escaped with esc_js().

I combed through all my theme files and escaped everything I could find. But still the reviewer calls me out on this. I just don’t know what to do now.

Does anyone know of a plugin that can help me debug these issues? The theme reviewer certainly must be using some kind of plugin that shows the problems.